'''Note: for a full how to on setting up LDAP with cn=config please refer to http://www.zarafa.com/wiki/index.php/Zarafa_LDAP_cn_config_How_To'''
Latest revision as of 11:05, 24 January 2011

Note: Zarafa sometimes changes the schema files, especially when new features are introduced. When switching to openldap with the dynamic config backend, it is strongly recommended that you know how to apply schema changes to the directory in that setup.

Since openldap 2.3, openldap has the possibility to store the configuration as ldif entries. Openldap will still handle slapd.conf if you choose to use that. I was testing on Fedora 12, and when I installed openldap I noticed it defaulted to the new way of storing the config options (with ldif entries).

As noted above, you are still able to use the old way, but if you want to use the new way this document might come in handy. The new way of storing config options has certain advantages over the old way. For example, to add a schema the old way you had to change slapd.conf, add the schema and then restart slapd; in very large environments this process can take a long time. With the new way openldap provides a means to do all this without restarting slapd.

This document will describe how to convert schema files to ldif files which can then be added to your openldap database.

Install openldap

Add or Change password of RootDN

If you want to add or change the password of the cn=admin,cn=config RootDN, you must edit the file:

/etc/ldap/slapd.d/cn=config/olcDatabase\=\{0\}config.ldif

Put in the olcRootPW entry below olcRootDN:

olcRootPW: config

Now the password is "config" for cn=admin,cn=config.

Restart slapd after changing a RootPW in this way.

Change Suffix

The default suffix for openldap is your domain name. This paragraph describes how to change the default suffix.

I have not had the time yet to find out how to do this through ldifs. It should be possible to create new suffixes with ldifs.

I just changed it in the following way:

Change to the cn=config directory (the path may differ per distribution):

cd /etc/ldap/slapd.d/cn=config

Open the file "olcDatabase={0}config.ldif" and change the following entries:

olcSuffix
olcRootDN

Open the file "olcDatabase={2}monitor.ldif" and change the following entry:

olcAccess

Check all the files in the directory by grepping for the old suffix in every file.

Restart slapd after changing the suffix in this way.

Convert schema files for import

If you want to add schemas to your openldap, you will need to convert the schema files to ldif files.

zarafa.schema can be found in /usr/share/doc/zarafa.

Create a file called schema_convert.conf.

Add the schema files you need to this file, e.g.:

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/zarafa.schema

Create a directory /tmp/ldif_output:

mkdir /tmp/ldif_output

Run slaptest to convert the schemas:

slaptest -f schema_convert.conf -F /tmp/ldif_output

Edit the generated /tmp/ldif_output/cn=config/cn=schema/cn={xx}[schema].ldif and change the lines at the top of the file (remove the {xx} parts and make it look like the following):
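The header rewrite this step describes, as an added Python example that is not part of the wiki page: it strips the {xx} index from the dn and cn lines, drops the operational attributes slaptest writes (which ldapadd refuses), and leaves the olcAttributeTypes/olcObjectClasses definitions untouched. The sample input, its OID and attribute name are constructed, not taken from the real zarafa.schema.

```python
import re
import sys

# Operational attributes slaptest writes into the generated file but that
# ldapadd must not send; slapd sets them itself on import.
OPERATIONAL = {"structuralObjectClass", "entryUUID", "creatorsName",
               "createTimestamp", "entryCSN", "modifiersName", "modifyTimestamp"}

def clean_schema_ldif(text):
    """Rewrite the header of a slaptest-generated cn={xx}name.ldif so that it
    describes cn=<name>,cn=schema,cn=config; schema definitions are kept as-is."""
    out, skipping = [], False
    for line in text.splitlines():
        if skipping and line.startswith(" "):  # continuation of a dropped attr
            continue
        skipping = False
        m = re.match(r"^dn: cn=\{\d+\}([^,]+)$", line)  # dn: cn={12}zarafa
        if m:
            out.append("dn: cn=%s,cn=schema,cn=config" % m.group(1))
            continue
        m = re.match(r"^cn: \{\d+\}(.+)$", line)  # cn: {12}zarafa
        if m:
            out.append("cn: " + m.group(1))
            continue
        if line.split(":", 1)[0] in OPERATIONAL:
            skipping = True
            continue
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample of slaptest output for a schema named "zarafa"; the OID
# and attribute name are placeholders, not taken from the real Zarafa schema.
SAMPLE = """\
dn: cn={12}zarafa
objectClass: olcSchemaConfig
cn: {12}zarafa
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'exampleAttr'
  DESC 'constructed placeholder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20110124110500Z
entryCSN: 20110124110500.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110124110500Z
"""

if __name__ == "__main__":  # usage: clean_schema_ldif.py <cn={xx}zarafa.ldif>
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(clean_schema_ldif(src))
```

The cleaned output can then be loaded with ldapadd as the cn=admin,cn=config RootDN, with no slapd restart.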

Cloning from a Slapcat export

Sometimes you need to clone an openldap database which was exported with slapcat. With this new way openldap stores its config, you don't have a slapd.conf, so slapadd does not know what to do or which schemas are available.

On Fedora 12 openldap installs a slapd.conf.bak which you can use to add your schemas. If you don't have a slapd.conf.bak, just create your own slapd.conf.bak and configure it with the proper suffix.